Security Articles from Wikipedia

More documents

Recommendations

Info

Public-key cryptography 103 Actual algorithms—two linked keys Not all asymmetric key algorithms operate in precisely this fashion. The most common ones have the property that Alice and Bob each own two keys, one for encryption and one for decryption. In a secure asymmetric key encryption scheme, the private key should not be deducible from the public key. This is known as public-key encryption, since an encryption key can be published without compromising the security of messages encrypted with that key. In the analogy above, Bob might publish instructions on how to make a lock ("public key"), but the lock is such that it is impossible (so far as is known) to deduce from these instructions how to make a key that will open that lock ("private key"). Those wishing to send messages to Bob use the public key to encrypt the message; Bob uses his private key to decrypt it. Another example is that Alice and Bob both choose a key at random and contact each other to compare the depth of each notch on their keys. Having determined the difference a locked box is built with a special lock that has each pin inside divided into 2 pins, matching the numbers of their keys. Now the box will be able to be opened with either key and Alice and Bob can exchange messages inside securely. Weaknesses Of course, there is a possibility that someone could "pick" Bob's or Alice's lock. Among symmetric key encryption algorithms, only the one-time pad can be proven to be secure against any adversary, no matter how much computing power is available. However, there is no public-key scheme with this property, since all public-key schemes are susceptible to the brute-force key search attack. Such attacks are impractical if the amount of computation needed to succeed (termed 'work factor' by Claude Shannon) is out of reach of potential attackers. In many cases, the work factor can be increased by simply choosing a longer key. But other attacks may have much lower work factors, making resistance to brute-force attack irrelevant, and some are known for some public key encryption algorithms. Both RSA and ElGamal encryption have known attacks that are much faster than the brute-force approach. Such estimates have changed both with the decreasing cost of computer power, and new mathematical discoveries. In practice, these insecurities can be generally avoided by choosing key sizes large enough that the best-known attack would take so long that it is not worth any adversary's time and money to break the code. For example, if an estimate of how long it takes to break an encryption scheme is one thousand years, and it were used to encrypt your credit card details, they would be safe enough, since the time needed to decrypt the details will be rather longer than the useful life of those details, which expire after a few years. Typically, the key size needed is much longer for public key algorithms than for symmetric key algorithms. Aside from the resistance to attack of a particular keypair, the security of the certification hierarchy must be considered when deploying public key systems. Some certificate authority (usually a purpose built program running on a server computer) vouches for the identities assigned to specific private keys by producing a digital certificate. Public key digital certificates are typically valid for several years at a time, so the associated private keys must be held securely over that time. When a private key used for certificate creation higher in the PKI server hierarchy is compromised or accidentally disclosed then a man-in-the-middle attack is possible, making any subordinate certificate wholly insecure. Major weaknesses have been found for several formerly promising asymmetric key algorithms. The 'knapsack packing' algorithm was found to be insecure when a new attack was found. Recently, some attacks based on careful measurements of the exact amount of time it takes known hardware to encrypt plain text have been used to simplify the search for likely decryption keys (see side channel attack). Thus, mere use of asymmetric key algorithms does not ensure security; it is an area of active research to discover and protect against new attacks. Another potential security vulnerability in using asymmetric keys is the possibility of a man-in-the-middle attack, in which communication of public keys is intercepted by a third party and modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted and re-encrypted by the attacker
Public-key cryptography 104 using the correct public keys for different communication segments in all instances to avoid suspicion. This attack may seem to be difficult to implement in practice, but it's not impossible when using insecure media (e.g., public networks such as the Internet or wireless communications). A malicious staff member at Alice or Bob's ISP might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the lock on the returned packet really belongs to Bob before she removes her lock and sends the packet back. Otherwise, the lock could have been put on the packet by a corrupt postal worker pretending to be Bob to Alice. One approach to prevent such attacks is the use of a certificate authority, a trusted third party responsible for verifying the identity of a user of the system and issuing a tamper resistant and non-spoofable digital certificate for participants. Such certificates are signed data blocks stating that this public key belongs to that person, company, or other entity. This approach also has weaknesses. For example, the certificate authority issuing the certificate must be trusted to have properly checked the identity of the key-holder, the correctness of the public key when it issues a certificate, and has made arrangements with all participants to check all certificates before protected communications can begin. Web browsers, for instance, are supplied with many self-signed identity certificates from PKI providers; these are used to check certificate's bonafides (issued properly by the claimed central PKI server?) and then, in a second step, the certificate of a potential communicant. An attacker who could subvert the certificate authority into issuing a certificate for a bogus public key could then mount a man-in-the-middle attack as easily as if the certificate scheme were not used at all. Despite its problems, this approach is widely used; examples include SSL and its successor, TLS, which are commonly used to provide security in web browsers, for example, to securely send credit card details to an online store. Computational cost Public key algorithms known thus far are relatively computationally costly compared with most symmetric key algorithms of apparently equivalent security. The difference factor is the use of typically quite large keys. This has important implications for their practical use. Most are used in hybrid cryptosystems for reasons of efficiency; in such a cryptosystem, a shared secret key ("session key") is generated by one party and this much briefer session key is then encrypted by each recipient's public key. Each recipient uses the corresponding private key to decrypt the session key. Once all parties have obtained the session key they can use a much faster symmetric algorithm to encrypt and decrypt messages. In many of these schemes, the session key is unique to each message exchange, being pseudo-randomly chosen for each message. Associating public keys with identities The binding between a public key and its 'owner' must be correct, lest the algorithm function perfectly and yet be entirely insecure in practice. As with most cryptography, the protocols used to establish and verify this binding are critically important. Associating a public key with its owner is typically done by protocols implementing a public key infrastructure; these allow the validity of the association to be formally verified by reference to a trusted third party, in the form of either a hierarchical certificate authority (e.g., X.509), a local trust model (e.g., SPKI), or a web of trust scheme (e.g., that originally built into PGP and GPG and still to some extent usable with them). Whatever the cryptographic assurance of the protocols themselves, the association between a public key and its owner is ultimately a matter of subjective judgment on the part of the trusted third party, since the key is a mathematical entity while the owner, and the connection between owner and key, are not. For this reason, the formalism of a public key infrastructure must provide for explicit statements of the policy followed when making this judgment. For example, the complex and never fully implemented X.509 standard allows a certificate authority to identify its policy by means of an object identifier, which functions as an index into a catalog of registered policies. Policies may exist for many different purposes, ranging from anonymity to military classification.
Page 1 and 2:
Security Articles from Wikipedia PD
Page 3 and 4:
Article Licenses License 180
Page 5 and 6:
Advanced Encryption Standard 2 is a
Page 7 and 8:
Advanced Encryption Standard 4 The
Page 9 and 10:
Advanced Encryption Standard 6 Know
Page 11 and 12:
Advanced Encryption Standard 8 Test
Page 13 and 14:
Block cipher 10 Block cipher In cry
Page 15 and 16:
Block cipher 12 Block ciphers and o
Page 17 and 18:
Block cipher modes of operation 14
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Certificate authority 24 Certificat
Page 29 and 30:
Certificate authority 26 Security T
Page 31 and 32:
CMAC 28 The CMAC tag generation pro
Page 33 and 34:
Cryptographic hash function 30 resi
Page 35 and 36:
Cryptographic hash function 32 func
Page 37 and 38:
Cryptographic hash function 34 Algo
Page 39 and 40:
DiffieHellman key exchange 36 The s
Page 41 and 42:
DiffieHellman key exchange 38 3. Bo
Page 43 and 44:
DiffieHellman key exchange 40 Upon
Page 45 and 46:
DiffieHellman key exchange 42 • C
Page 47 and 48:
Digital signature 44 every paramete
Page 49 and 50:
Digital signature 46 implemented. I
Page 51 and 52:
Digital signature 48 authority). Fo
Page 53 and 54:
Digital Signature Algorithm 50 Digi
Page 55 and 56: Digital Signature Algorithm 52 Sens
Page 57 and 58: HMAC 54 Implementation The followin
Page 59 and 60: HMAC 56 External links • FIPS PUB
Page 61 and 62: HTTP Secure 58 Browser integration
Page 63 and 64: HTTP Secure 60 From an architectura
Page 65 and 66: IPsec 62 IPsec Internet Protocol Se
Page 67 and 68: IPsec 64 operates directly on top o
Page 69 and 70: IPsec 66 Cryptographic algorithms C
Page 71 and 72: IPsec 68 External links • All IET
Page 73 and 74: Kerberos (protocol) 70 Kerberos (pr
Page 75 and 76: Kerberos (protocol) 72 Client Authe
Page 77 and 78: Kerberos (protocol) 74 External lin
Page 79 and 80: Message authentication code 76 Mess
Page 81 and 82: Message authentication code 78 Exte
Page 83 and 84: NeedhamSchroeder protocol 80 S resp
Page 85 and 86: Pretty Good Privacy 82 Pretty Good
Page 87 and 88: Pretty Good Privacy 84 Security qua
Page 89 and 90: Pretty Good Privacy 86 PGP 3 and fo
Page 91 and 92: Pretty Good Privacy 88 based on sec
Page 93 and 94: Public key certificate 90 Public ke
Page 95 and 96: Public key certificate 92 (b) ensur
Page 97 and 98: Public key certificate 94 Usefulnes
Page 99 and 100: Public key infrastructure 96 As tim
Page 101 and 102: Public key infrastructure 98 Extern
Page 103 and 104: Public-key cryptography 100 In cont
Page 105: Public-key cryptography 102 To achi
Page 109 and 110: Public-key cryptography 106 Spreadi
Page 111 and 112: Public-key cryptography 108 Externa
Page 113 and 114: RSA (algorithm) 110 The RSA algorit
Page 115 and 116: RSA (algorithm) 112 A working examp
Page 117 and 118: RSA (algorithm) 114 Signing message
Page 119 and 120: RSA (algorithm) 116 Side-channel an
Page 121 and 122: RSA (algorithm) 118 • The PKCS #1
Page 123 and 124: S/MIME 120 administrative overhead
Page 125 and 126: Secure Electronic Transaction 122 T
Page 127 and 128: Secure Shell 124 Usage SSH is typic
Page 129 and 130: Secure Shell 126 • RFC 4462, Gene
Page 131 and 132: Secure Shell 128 ability to multipl
Page 133 and 134: Security service (telecommunication
Page 135 and 136: Security service (telecommunication
Page 137 and 138: SHA-1 134 SHA-1 SHA-1 General Desig
Page 139 and 140: SHA-1 136 Applications SHA-1 forms
Page 141 and 142: SHA-1 138 At the Rump Session of CR
Page 143 and 144: SHA-1 140 a = temp Add this chunk's
Page 145 and 146: SHA-1 142 • Xiaoyun Wang, Yiqun L
Page 147 and 148: Stream cipher 144 Types of stream c
Page 149 and 150: Stream cipher 146 Filter generator
Page 151 and 152: Stream cipher 148 SNOW Pre-2003 Ver
Page 153 and 154: Symmetric-key algorithm 150 Key gen
Page 155 and 156: Transport Layer Security 152 TLS 1.
Page 157 and 158:
Transport Layer Security 154 • SS
Page 159 and 160:
Transport Layer Security 156 • Fi
Page 161 and 162:
Transport Layer Security 158 Length
Page 163 and 164:
Transport Layer Security 160 layer
Page 165 and 166:
Transport Layer Security 162 Suppor
Page 167 and 168:
Transport Layer Security 164 • RF
Page 169 and 170:
Transport Layer Security 166 Extern
Page 171 and 172:
X.509 168 Extensions informing a sp
Page 173 and 174:
X.509 170 00:d3:a4:50:6e:c8:ff:56:6
Page 175 and 176:
X.509 172 Exploits • MD2-based ce
Page 177 and 178:
X.509 174 External links • ITU-T
Page 179 and 180:
Article Sources and Contributors 17
Page 181 and 182:
Article Sources and Contributors 17
Page 183:
License 180 License Creative Common
show all

Security Articles from Wikipedia

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?